[Openswan Users] Tunnel goes down for no reason

Roland Plüss roland at rptd.ch
Sat Sep 8 13:19:30 EDT 2007


>>> If you are doing NAT-Traversal, your NAT router might be timing out the
>>> port mapping.
>>>
>>>       
>> No, this should not be the case. I have the following setup:
>>
>> company/home ( both the same ):
>> - ADSL router set to forward all connections to the server ( hence a 1:1
>> mapping sort of )
>>     
>
> That is NAT, and your NAT router will keep and expire state.
>   
Now I'm confused. I have a 1:1 mapping hence I simply forward all
traffic to the server. I do not want to have any NAT state in this one
since my server is doing all the NATing and IPtabling.
>> - Gentoo server with OpenSwan with iptables set to not masquerade the
>> VPN traffic
>>     
>
> If they have public ips right, if they have private ip's, there is NAT
> state.
>   
One has a static public and registered IP. The other has a dynamic one (
did not get around to requesting a static IP yet ).
>>> You have to first figure out why it is going down. Are both sides openswan?
>>> If both end support DPD, you can enable that.
>>>
>>>       
>> What is DPD in OpenSwan?
>>     
>
> Dead Peer Detection, see dpdaction=,dpdaction=,dpdtimeout.
>   
So for my case I would need dpdaction=restart, dpdtimeout=60 and
dpddelay=30. But the man page says I need to activate dpd for a
connection. How am I supposed to do this? I found nothing in the man
page about it.

-- 
Yours sincerely
Plüss Roland
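
Added example, not part of the original message and not Openswan's own code: a small Python check that lists, for each conn section of an ipsec.conf, the effective dpddelay, dpdtimeout and dpdaction values discussed above, with conn %default applied as a fallback. The sample file, the connection names and the rule that DPD counts as enabled only when both dpddelay and dpdtimeout are set are assumptions; also= and include are not handled.

```python
# Constructed sample ipsec.conf, not taken from the thread.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn %default
    dpdaction=restart

conn office-home
    right=192.0.2.10
    dpddelay=30
    dpdtimeout=60

conn legacy
    right=192.0.2.20
    dpddelay=30    # timeout missing
"""

DPD_KEYS = ("dpddelay", "dpdtimeout", "dpdaction")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def dpd_report(text):
    """Map each conn to its effective DPD settings and an 'enabled' flag."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    report = {}
    for name, opts in conns.items():
        eff = {k: opts.get(k, defaults.get(k)) for k in DPD_KEYS}
        # Assumption: DPD is active only when both timers are configured.
        eff["enabled"] = None not in (eff["dpddelay"], eff["dpdtimeout"])
        report[name] = eff
    return report

if __name__ == "__main__":
    print(dpd_report(SAMPLE_CONF))
```
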
